Radio frequency identification (RFID) technology is being used at an expanding rate by manufacturers, retailer, logistics providers, and other users to replace or supplement a variety of traditional systems. Most notably, RFID technology may be implemented as a part of a supply chain management system to facilitate tracking, securing, and managing of items from manufacturing to retail.
In essence, RFID works by enabling a wireless exchange of information between a tagged object and a reader/writer, which in turn allows a host to process the information associated with the tagged object. FIG. 1 shows one example of such an RFID system. Three components are included in this basic RFID system 100. First, one or more tags 102 or transponders may be deposited on an item to be tracked. The item may be any suitable item known to those skilled in the art upon which an RFID tag may be attached, such as retail merchandise. The tags 102 may vary in shapes, sizes, and materials to suit the conditions of the item. Each RFID tag 102 may include two components, a computer chip 106 and an antenna 108. Appropriate information associated with the tagged item, including, for example, item name, description, or any other suitable item-related information, may be stored on the computer chip 106 and/or a server away from the tag.
Depending on the application, the tags 102 may be passive, active, or battery assisted. Passive tags generally utilize the power derived from the signals sent by a reader to respond to the reader. Active tags power their transmissions with an attached battery, while battery-assisted tags use an attached battery to power chip electronics, but does not use the battery for transmission. While the less costly passive tags are most frequently used in connection with supply chain management systems, active tags play a major role in marking shipping containers etc. in the supply chain management systems.
Functionally, tags 102 may fall into two categories, read-only or read/write. Read-only tags are programmed with a fixed set of information during manufacturing, and this information cannot be altered at a later time. Read/write tags on the other hand allow writing and/or rewriting of its information by an authorized user. Some read/write tags may include a read-only portion in which certain information may be stored and protected while allowing other information stored in a writable portion to be modified. Some examples for modifying the read/write tags, for example, to effect tracking of a product from manufacturing to retail, will be discussed in more detail below.
One or more read/write devices or interrogators 110 may be used to communicate with the tags 102. The read/write device 110 may include an antenna 112, a transceiver 114, and any other suitable components for facilitating reading and writing to tags 102. Typically, to communicate with a particular tag or set of tags 102, the read/write device 110 sends out through transceiver 114 and antenna 112 an RF signal in the frequency to which the target tags 102 are tuned. In response to receiving the signal, the targeted tags 102 respond by transmitting at least a part of their stored data. Upon receiving the data transmitted by the tags 102, the reader/writer 110 decodes the data and may transfer the data to a host computer system 116 for processing. The reader/writer 110 may either be fix-positioned or portable and may be either wired or wireless.
An RFID tag often contains data in the form of an Electronic Product Code (EPC). The EPC is essentially a unique serial number that is assigned to the item to which the RFID tag is affixed or otherwise associated. The tag may also contain EPC-related information, i.e., any suitable information that has been associated with the item bearing an EPC.
An RFID system provides many advantages over traditional tracking and inventory systems that utilize code-based technologies (e.g., bar code). Most notably, RFID utilizes radio frequency for communication and therefore may communicate with multiple tags positioned out of sight. In addition, much more information may be stored on an RFID tag, which provides a broad range of opportunities for associating various information with the tracked items. The read/write tags have the added advantage of reusability and modifiability, which reduces replacement cost and allows more accurate and flexible association of information with the tracked items.
In view of the above advantages associated with RFID technology, many enterprises/organizations have developed applications for implementing RFID in their various operations. For example, RFID tags may be attached to individual products as they come off the production line at a manufacturer's factory. These tags may contain data such as the date of production, special product care instructions (i.e., a special temperature that the product is to be kept at), and/or any other suitable information that the manufacturer wishes to have associated with the product. The manufacturer may store the tag information in its own database. Scanning of the tags as the products leave the factory, for example, via a tag reader fixed to a door, may inform the manufacturer which products are no longer stored in the factory. This information may be used to update the manufacturer's database, which may in turn allow the manufacturer to monitor, manage, and/or optimize its business, for example, by using the data to assess whether it has been consistently shipping out the oldest products in accordance with its first-in-first-out (FIFO) policy.
This example illustrates one scenario in which RFID data collection, storage, and analysis may be helpful to a manufacturer, for example, for streamlining its operations. Many other scenarios exist where RFID data may be used to optimize, manage, and otherwise benefit an enterprise/organization. Additionally, because today's businesses are interconnected with each other in a plethora of ways, it is quite probable that one enterprise/organization's RFID data may also be very beneficial to other enterprises/organizations such as enterprises/organizations situated down the supply chain from the manufacturer.
In one particular scenario, an enterprise/organization, acting in the role of a retailer that purchases from the above manufacturer, may wish to gain access to the manufacturer's stored RFID data, including production date and shipped date data. Using this data, the retailer may determine the best time to schedule its quarterly shipment from the manufacturer to ensure that the manufacturer will have enough products on hand to satisfy the retailer's needs.
In another scenario, the enterprise/organization, in its retailer role, may wish to gain access to the manufacturer's stored RFID data, for example, with regard to the special condition that the products have been kept under (i.e., temperature for perishable food). Using this data, the retailer may determine whether an expiration date can be properly applied because the products have been kept according to the manufacturer's special instructions.
On the reverse side, the enterprise/organization in the manufacturer role may wish to analyze the retailer's RFID data, for example, generated from sales made at the cash register, to infer how many products have been sold within a particular period. The manufacturer may use this data to adjust its production schedule to promptly satisfy reorder demands from the retailer.
These examples demonstrate, at a high level, some benefits of RFID data access both within and across enterprises/organizations in their various related roles. Many other scenarios exist in which data sharing among a plurality of users acting in a variety of roles within an enterprise/organization and across multiple enterprises/organizations could be advantageous for everyone involved.
Many enterprises/organizations have realized the power of such data sharing, but few have made it a reality due to the obstacles associated with such sharing. A primary obstacle is an enterprise/organization's concern over proper authorization of an enterprise/organization and/or a particular user within an enterprise/organization that accesses the data. For example, the enterprise/organization acting in a retailer role in the above examples may wish the enterprise/organization acting in a related manufacturer role to see how many of the manufacturer's products are left in the retailer's warehouse to enable the manufacturer to restock automatically. At the same time, the retailer may not wish the manufacturer to gain access to information about what other products are being stored in the retailer's warehouse or sold at its registers. Additionally, the retailer may be concerned with which individuals and/or sub-organizations within the manufacturer's organization are accessing the retailer's data. For example, the retailer may only wish to share its data with a user acting in a product management role (e.g., manufacturer's production manager) to see the relevant product information and would like to prevent individuals outside of that role (e.g., warehouse workers) from accessing the same information.
One way to address the above need of the retailer may be to require that the retailer modify its database to prevent the enterprise/organization acting in the manufacturer role from seeing some subsets of data. The retailer could further restrict the data view scope of specific individuals and/or sub-organizations acting in specific roles within the manufacturer's organization. This approach may work if the sharing is only on a small scale between a limited number of enterprises/organizations, each having a small number of sub-organizations and/or individuals with data access capabilities. The approach is less desirable, however, if the number of organizations, individuals, and/or sub-organizations sharing the data are large or the databases themselves are vast because each sharer must be painstakingly assessed, prevented, or allowed to view specific data sets.
Another obstacle for sharing RFID data across enterprises/organizations is that data warehousing and data mining are performed very differently from one enterprise/organization to another. It is not uncommon for two enterprises/organizations to differ in everything from the type of databases to the type of hardware to the type of network connections they use. Since different hardware and software rarely work together in a cohesive and smooth manner without considerable integration work, RFID data sharing can be difficult from a technical standpoint.
While most of the current EPC-related data sharing deals with enterprise/organization-generated data, a new trend has begun for collecting and sharing EPC-related data associated with end consumers. For example, when a consumer purchases a product bearing an EPC at a retailer, the retailer may gather much information about the consumer in association with the EPC. As one example, at the cash register, the retailer may acquire information such as the consumer's name, address, credit card information, and much other personal information about the consumer. If desired, the retailer may also obtain and/or infer additional information about the consumer using the above personal information. For example, the retailer may learn the consumer's credit history using the consumer's credit card information, may use the consumer's address and/or credit information to infer income, may use the consumer's name to acquire past purchase patterns associated with the consumer from other enterprises/organizations, etc. The retailer may then associate all this consumer information with the EPC of the product purchased by the consumer and may share the EPC-related consumer data with other enterprises/organizations as a part of the EPC-related data sharing discussed above.
Currently, the consumer has little or no control over the information being collected about him when the consumer becomes associated with an EPC or how such information may be shared. As a consequence, the consumer may receive unwanted spam mail from enterprises/organizations that have gained access to the consumer address, may be exposed to creditors who have acquired extensive knowledge of the consumer's credit history, and may be subject to a variety of other possible liabilities and/or undesirable effects because of the consumer's inability to protect his private information.
Of course, not all EPC-related information collected in connection with a consumer necessarily harms the consumer. Some information may actually be very beneficial when made accessible to an appropriate entity. For example, when a consumer returns a purchased product, the retailer, who has access to consumer data collected in association with the EPC of the purchased product, may easily access information such as the correct purchase price, purchase date, and/or warranty information using the product EPC and refund the proper amount to, for example, the appropriate credit card. As another example, during an urgent product recall, such as a pharmaceutical recall, a manufacturer may efficiently contact a consumer if the manufacturer is able to acquire consumer information from retailers of its pharmaceutical products through EPC-related data sharing. As yet another example, when a consumer purchases a high value item such as an expensive home theatre system, the consumer's home insurance company may automatically update the consumer's insured home value if consumer information collected at the retailer enables the home insurance company to be alerted as to the purchase of the high value item. Many other applications exist in which EPC-related consumer data may be positively used to benefit the consumer.
A few enterprises/organizations have recently implemented limited measures for addressing security concerns over the collection of EPC-related consumer data. Most of these implemented measures deal with deactivation of the RFID tag bearing the EPC. For example, an RFID reader may use a deactivation code to render an RFID tag unreadable when the product bearing the RFID tag is sold to a consumer. Such deactivation, however, also eliminates any possibility for collecting information that may be used to benefit the consumer.
In view of the above, a need exists for an improved way of controlling the collection and sharing of sensor-related consumer data so as to maximize the associated benefits and minimize the possible harm to the consumer. There is also a need to enable a consumer to exert control over sensor-related consumer data associated with him. In particular, it is desirable for the consumer to decide what sensor-related consumer data should be collected and who should have access to this data.